diff --git a/.gitignore b/.gitignore
index c393c8d255e59d9f109cddafe552b6eed58f8315..bf22dffc19b002cec3180599acd2745f071cf06d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@ docker-compose.yml
 # data for the local installation
 config-dynamic/
 volumes/
+
+configs/
diff --git a/ans.yml b/ans.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3dd5e9c70c2a478c3137d4edf996908ee7047627
--- /dev/null
+++ b/ans.yml
@@ -0,0 +1,22 @@
+---
+#
+## Main accessor for ansible sub scripts. Don't call scripts below this yourself unless you are sure you know what you're doing
+
+- name: Manage Server
+ hosts: "{{ host }}"
+ gather_facts: true
+ vars_files:
+ - vars/main.yml
+
+ tasks:
+ - name: Include variables
+ include_vars:
+ dir: vars
+
+ - name: Install server
+ include: "tasks/install.yml"
+ when: do_install | default(false)
+
+ - name: Update server
+ include: "tasks/update.yml"
+ when: do_update | default(false)
diff --git a/manage.sh b/manage.sh
new file mode 100755
index 0000000000000000000000000000000000000000..61ea21d47161e1359b748947e994d630bb39b1d4
--- /dev/null
+++ b/manage.sh
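Review bot: `hosts: "{{ host }}"` in ans.yml has no default, and nothing visible in this commit supplies `host`: both `ansible-playbook` calls in manage.sh pass only `do_install` or `do_update` and no `-i` inventory. As far as I know the play-level host pattern is resolved before `vars_files` is read, so the run presumably stops on an undefined variable, or targets whatever pattern an operator adds by hand, including `all`. If the intent is to manage the local machine, `hosts: "{{ host | default('localhost') }}"` plus a line in the header comment naming the variable would make that explicit. The same play loads `vars/main.yml` through `vars_files` and again through `include_vars: dir: vars`, and `include:` is deprecated in favour of `include_tasks:` (also used in tasks/install.yml).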
@@ -0,0 +1,39 @@
+function showEeloAnsibleHelp() {
+ echo "Invocations of this script must provide a valid action to complete. Valid actions are:"
+ echo ""
+ echo "install # Installs the full setup or continues an interrupted install"
+ echo "update # Updates an existing install"
+ echo "help # Shows this list of commands"
+}
+
+if test "$#" -lt 1; then
+ echo "You need to provide an action"
+ showEeloAnsibleHelp
+ exit 1
+fi
+
+if [[ $EUID -ne 0 ]]; then
+ echo "This script requires root/sudo, please rerun the script as such"
+ exit 1
+fi
+
+#Force into lower case
+ case "${1,,}" in
+ install)
+ echo "Deploying a full /e/ server setup"
+ ansible-playbook ans.yml --extra-vars '{"do_install":"true"}' -vvv
+ ;;
+ update)
+ echo "Attempting to update the existing /e/ setup"
+ ansible-playbook ans.yml --extra-vars '{"do_update":"true"}' -vvv
+ ;;
+ help)
+ echo "Printing help:"
+ showEeloAnsibleHelp
+ ;;
+ *)
+ echo -e "\e[31mThe action '$1' could not be recognized, aborting execution\e[0m"
+ echo ""
+ showEeloAnsibleHelp
+ exit 1
+ esac
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100644
index 0000000000000000000000000000000000000000..15cbf099ce0d117d1150e08b48faf354f261fb6f
--- /dev/null
+++ b/scripts/install.sh
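Review bot: manage.sh is added as an executable (mode 100755) without an interpreter line, yet it relies on bash-only syntax: `function`, `[[ $EUID -ne 0 ]]` and `${1,,}`. Which shell runs it then depends on the caller, and under a POSIX `sh` the root check and the lower-casing presumably both error out; `#!/usr/bin/env bash` as the first line fixes that. The playbook is referenced as the relative path `ans.yml`, so a root invocation from another directory would pick up whatever `ans.yml` is there; `cd "$(dirname "$0")"` before the `case` pins it to the script's own directory. `-vvv` is hard-coded on both runs, so it is worth confirming that every secret-bearing task carries `no_log: true` before this output lands in a terminal scrollback or CI log.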
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+INSTALL_LOCATION=$1
+if [[ "$BRANCH" != "" ]]
+then
+ echo "No install location specified, defaulting to /mnt/repo-base"
+ INSTALL_LOCATION="/mnt/repo-base"
+fi
+################################################################################
+apt-get update && apt install -y --asume-yes true git salt-minion
+################################################################################
+
+
+# Clone repo
+echo "Cloning repo .."
+git -C /mnt clone ${REPO} ${BRANCH} repo-base
+
+
+# Init salt-minion (masterless)
+cp ${INSTALL_LOCATION}/deployment/salt/init-config/masterless.conf /etc/salt/minion.d/
+
+# Run repo init (might run a few minutes)
+echo "System update and packages installation .."
+salt-call state.apply docker-compose
+
+
+# init repo
+bash /mnt/repo-base/scripts/init-repo.sh $ENVIRONMENT
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index 78c204d047736b695830e7c25fc962ef17dfb0a6..e6f3ec39017525874c3b9c3fcd680a0b0a4c217c 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
@@ -18,7 +18,7 @@ docker-compose exec -T --user www-data nextcloud php occ maintenance:install \
 --admin-user="$NEXTCLOUD_ADMIN_USER" --admin-pass="$NEXTCLOUD_ADMIN_PASSWORD" \
 --admin-email="$ALT_EMAIL" --database="mysql" --database-pass="$MYSQL_PASSWORD_NC" \
 --database-name="$MYSQL_DATABASE_NC" --database-host="mariadb" --database-user="$MYSQL_USER_NC" \
- --database-port="3306" --database-table-prefix=""
+ --database-port="3306"
 docker-compose exec -T --user www-data nextcloud php occ db:convert-filecache-bigint --no-interaction
 # Nextcloud resets trusted_domains to localhost during installation, so we have to set it again
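Review bot: The install-location guard in scripts/install.sh tests the wrong variable with the wrong sense: `if [[ "$BRANCH" != "" ]]` overwrites `INSTALL_LOCATION` whenever a branch is set and leaves it empty when none is, so the later `cp ${INSTALL_LOCATION}/deployment/...` would read from `/deployment/...`. `--asume-yes true` is misspelled and `true` is parsed as a package name, so the apt step presumably fails, and with no `set -e` the script still goes on to `salt-call state.apply` and a root-run `init-repo.sh`. `${REPO}`, `${BRANCH}` and `$ENVIRONMENT` are expanded unquoted, and the clone target and the final `bash` path are hard-coded to /mnt/repo-base regardless of the argument. The fence sketches the corrected lines, assuming `BRANCH` holds a plain branch name.

```shell
#!/bin/bash
set -euo pipefail

INSTALL_LOCATION="${1:-}"
if [[ -z "$INSTALL_LOCATION" ]]
then
# … unchanged: default message and INSTALL_LOCATION assignment …
fi
apt-get update && apt-get install -y git salt-minion
# … unchanged: banner lines and "Cloning repo" echo …
git clone --branch "$BRANCH" -- "$REPO" "$INSTALL_LOCATION"
cp "${INSTALL_LOCATION}/deployment/salt/init-config/masterless.conf" /etc/salt/minion.d/
# … unchanged: salt-call state.apply docker-compose …
bash "${INSTALL_LOCATION}/scripts/init-repo.sh" "$ENVIRONMENT"
```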
@@ -31,7 +31,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
-git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account
+git clone --single-branch https://framagit.org/framasoft/nextcloud/drop_account.git volumes/nextcloud/custom_apps/drop_account
 docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account
 echo "Installing custom ecloud drop account plugin"
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8804338417ea5014d79ee16d3bb8d13ce2c88d1b
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,37 @@
+- name: Verify user settings
+ include: "tasks/install/verify-domain.yml"
+
+- name: Install packages
+ include: "tasks/install/install-packages.yml"
+ when: use_apt
+
+- name: Ensure Docker is running and autostarts
+ service:
+ name: docker
+ state: started
+ enabled: yes
+
+#TODO Setup certbot auto cert renewal
+
+
+- name: Create config directories
+ file:
+ path: configs/{{ config_subfolder }}
+ state: directory
+ mode: '700'
+ owner: "{{ unix_user }}"
+ with_items: "{{ config_subfolders }}"
+ loop_control:
+ loop_var: config_subfolder
+
+
+#Always overwrites
+- name: Deploy letsencrypt domain list
+ copy:
+ content: "{{ letsencrypt_domains | join('\n') }}"
+ dest: configs/letsencrypt/autorenew/ssl-domains.dat
+
+- name: Deplncrypt domain list
+ copy:
+ content: "{{ rspamd_password }}"
+ dest: configs/test.d
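Review bot: The new `git clone --single-branch https://framagit.org/framasoft/nextcloud/drop_account.git` line in scripts/postinstall.sh still fetches whatever the default branch holds at install time, and the following `occ app:enable drop_account` activates that code inside Nextcloud. Pinning it would make installs reproducible and keep an unreviewed upstream change out of production: clone a tested release with `--branch <REVIEWED_TAG> --depth 1` (placeholder; use the tag you actually tested), or check out a fixed commit after cloning. The clone has no error check either, so a failed fetch is only noticed when `app:enable` fails. The script continues outside this hunk.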
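Review bot: The last task in tasks/install.yml, `Deplncrypt domain list`, writes `{{ rspamd_password }}` in clear text to `configs/test.d` with no `mode`, no `owner` and no `no_log`. The file therefore gets umask-default permissions, and the value can surface when the play is run with diff output. The garbled name and the `test.d` target suggest a leftover experiment; if so, the task should be dropped before merge. If the file is really needed, give it `mode: '0600'`, `owner: "{{ unix_user }}"` and `no_log: true`, and a name that says what it deploys. The `Deploy letsencrypt domain list` task would also benefit from an explicit `mode` and `owner`, for consistency with the directory task above it.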
diff --git a/tasks/install/generate-passwords.yml b/tasks/install/generate-passwords.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/tasks/install/install-packages.yml b/tasks/install/install-packages.yml
new file mode 100644
index 0000000000000000000000000000000000000000..abf87d27574a6101dea97d52837b52e799a66676
--- /dev/null
+++ b/tasks/install/install-packages.yml
@@ -0,0 +1,7 @@
+- name: Update apt repositories cache
+ apt:
+ update_cache: yes
+
+- name: Install apt packages
+ apt:
+ pkg: "{{ apt_packages }}"
diff --git a/tasks/install/verify-domain.yml b/tasks/install/verify-domain.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2066bb1ea4c344f8a7567ef490ec723e7956a21c
--- /dev/null
+++ b/tasks/install/verify-domain.yml
@@ -0,0 +1,23 @@ +- fail: + msg: "{{ primary_domain }} is not a proper domain" + when: primary_domain is not regex('^((?!-)[A-Za-z0-9-]{1,63}(?